Comment 10 for bug 991982

Marc Deslauriers (mdeslaur) wrote :

After testing the fix in this bug, it doesn't appear to be enough to solve the issue. The SSL cert is not being checked, which means a MITM can still alter the contents of the Twitter feed.

Since the Twitter feed can be altered, it is likely that JavaScript can still be injected in other fields of the feed.